The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

LFD kills process?

Discussion in 'Security' started by StelarBlack, Feb 10, 2015.

  1. StelarBlack

    StelarBlack Member

    Joined:
    Dec 7, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I have very strange issue with one user, I am also using cloudlinux, and that user can allocate total of 1GB memory, but I can see that process is alocating too much memory, here is part of lfd.log:

    Feb 10 12:47:17 lin-b10 lfd[602924]: *User Processing* PID:602899 Kill:0 User:antiagei VM:327(MB) EXE:/opt/alt/php55/usr/bin/php-cgi CMD:/usr/bin/php /home/antiagei/public_html/wp-admin/admin-ajax.php.

    User keeps telling me that admin panel of wp gets unresponsive, which is possible due to killed proces, is Kill:0, meaning that process is killed or not?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    670
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's not. Your site is most likely under attack with some sort of bot attempting to login with a brute force script, or something, if I was to guess. LFD is alerting you about it as best it can. You could set it to kill anything over 300MB, which IIRC is the default limit. Or you could up the limit a little in CSF/LFD settings to satisfy the need and end the alerts. Killing it wouldn't serve any real purpose in this case, but setting LFD to kill a process when it exceeds its limits is not a bad idea. I'd rather have the site go down and be broken, than permit some sort of script to sit there all day pounding on it.

    Whatever you decide, you should also consider adding security to the wordpress site itself if you don't have any yet. There are a few really good ones that will help you see the attacks and failed logins much easier. And of course make sure the site and everything about it, is up to date. They're knocking at your door right now, look:
    /http://www.wordfence.com/

    GL!
     
Loading...

Share This Page